Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Security concern #2309

Closed
JamieSlome opened this issue Dec 31, 2021 · 1 comment
Closed

Security concern #2309

JamieSlome opened this issue Dec 31, 2021 · 1 comment
Assignees
@jeromeleonard
Labels
enhancement priority:high High Priority TheHive4 TheHive4 related issues
Milestone
4.1.17

Comments

@JamieSlome
Copy link

Hey there!

I belong to an open source security research community, and a member (@Shivansh-Khari) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)
@jeromeleonard jeromeleonard self-assigned this Jan 3, 2022
@jeromeleonard jeromeleonard added enhancement priority:high High Priority TheHive4 TheHive4 related issues labels Jan 3, 2022
@jeromeleonard jeromeleonard added this to the 4.1.17 milestone Jan 3, 2022
To-om added a commit that referenced this issue Jan 13, 2022
@To-om
#2309 Implement user lockout policy
64cb9b0
To-om added a commit that referenced this issue Jan 13, 2022
@To-om
#2309 Add API to reset failed attempts counter
c7fbabe
To-om added a commit that referenced this issue Jan 21, 2022
@To-om
#2309 Add extraData related to user lockout
f5baad1
To-om added a commit that referenced this issue Jan 22, 2022
@To-om
#2309 Add missing changes for lockout extraData
44dea68
@To-om To-om closed this as completed Jan 22, 2022
@JamieSlome
Copy link
Author

@jeromeleonard @To-om - it looks like all of the reports have been addressed?

If possible, could we mark the reports accordingly:
https://huntr.dev/bounties/6c042858-566c-4ad7-b7e2-f2671f125475/
https://huntr.dev/bounties/156011de-02c3-4c66-8abe-72b44cd2ce50/

This allows us to reward the researcher 👍

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@jeromeleonard jeromeleonard

Labels
enhancement priority:high High Priority TheHive4 TheHive4 related issues
Projects
None yet
Milestone
4.1.17
Development

No branches or pull requests
3 participants
@jeromeleonard @To-om @JamieSlome